Gartner Essentials: Top Cybersecurity Trends for 2016-2017

CONFIDENTIAL AND PROPRIETARY This presentation, including any supporting materials, is owned by Gartner, Inc. and/or its affiliates and is for the sole use of the intended Gartner audience or other intended recipients. This presentation may contain information that is confidential, proprietary or otherwise legally protected, and it may not be further copied, distributed or publicly displayed without the express written permission of Gartner, Inc. or its affiliates. © 2016 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner Essentials: Top Cybersecurity Trends for 2016 — 2017 Carsten Casper Gartner Briefing 28 Apr 2016 | Vienna, Austria

Upload: sba-research

Post on 08-Jan-2017


TRANSCRIPT

Page 1: Gartner Essentials: Top Cybersecurity Trends for 2016-2017

Gartner Essentials: Top Cybersecurity Trends for 2016 — 2017

Carsten Casper

Gartner Briefing

28 Apr 2016 | Vienna, Austria

Page 2

Security for the Next Generation of Threat

• A pervasive digital presence is expanding into business, industry and society

• Once networked, this digital presence substantively alters risk for digital businesses

• Digital security is the next evolution in cybersecurity to protect this pervasive digital presence

Page 3

Security Macro Trends You Face in the Age of the Pervasive Digital Presence

• Risk and Resilience Seek Balance

• Security Disciplines Converge

• Secure Digital Supply Chain Needs Grow

• Security Skills Options Expand

• Adaptive Security Architecture Embraced

• Security Infrastructure Adapts

• Data Security Governance Arrives

• Digital Business Drives Digital Security

Page 4

Risk and Resilience Seek Balance

Page 5

Security Moves to an Embedded State in the Organization

• Governance

• Compliance

• Control

• Protection

• Reliability

• Speed

• Assurance

• Transparency

RISK RESILIENCE

Privacy Safety

Value Cost

Page 6

Security Principles for Trust and Resilience

Business Outcomes

Risk-Based

Data Flow

Facilitator

Detect and Respond

Principle of Trust and Resilience

People-Centric

Page 7

People-Centric Security Continues to Be Embraced

Accountability

Responsibility

Immediacy

Autonomy

Proportionality

Community

Transparency

Educate

Monitor

Rights Responsibilities

Page 8

Take-Aways for Risk and Resilience Balance

• Revisit the security organizational structure to ensure it reflects current mission

• Revise the methods used to calculate IT risk to incorporate new variables and factors

• Develop fast-track methods of addressing security requirements

• Refine the security communication and education process to emphasize agility

Page 9

Security Disciplines Converge

Page 10

Digital Security for the Pervasive Digital Presence

Defense

Offense

Reactive

Proactive

IoT Security

Information Security

IT Security

OT Security

Physical Security

You Are Here

Digital Security

Page 11

"Digital Safety" Becomes a New Force and Responsibility

The CIAS Model of Digital Security

Integrity

Data

People

Environments

Confidentiality

Availability

Safety


Page 12

Take-Aways for Security Convergence

• Establish security governance and planning relationships with physical and industrial counterparts

• Improve cross-discipline procurement methods for security requirements

• Modify security architecture to include additional layers where required

• Investigate changes in security management and operations that may be required to accommodate convergence

Page 13

Secure Digital Supply Chain Needs Grow

Page 14

Integrated Digital Security for the Supply Chain(s)

SUPPLY CHAIN

DIGITAL SUPPLY CHAIN

DIGITAL SECURITY FOR THE SUPPLY CHAIN(S)

IoT Security

Information Security

IT Security

OT Security

Physical Security

Digital Security

Page 15

SIEM

Software Asset Management

Expanding (and Confusing) SaaS Control Add-On Markets

Today's enterprise suffers from coordination frustration. Encouraging evolution of multicloud, multifunction management consoles.

Activity Threat Control

Archive and Recovery

Cloud Access Security Broker

EMM

Confidentiality

IDaaS

SaaS Aggregation Tool

Mobile Device Management

Before and During Login

After Login

Service Monitoring

Malware Control

Page 16

Take-Aways for Securing the Cloud (Supply Chain)

• Develop an enterprise public cloud strategy.

• Implement and enforce policies on usage responsibility and cloud risk acceptance.

• Follow a cloud life cycle governance approach.

• Develop expertise in the security and control of each cloud model used.

• Implement technologies to fight cloud diffusion complexity.

[Figure: risk matrix. Labels: Conduct Risk Assessment (decision establishes requirements for technical and process controls); Medium; Exposure; Potential Impact of Security Failure; Business Contribution (Value of Service); Low; High; Always Allowed; Do Not Allow]

Page 17

Security Skills Options Expand

Page 18

Assess the Most Critical Skills Impacts of Digital Security

Already, Traditional Security Strategies Are Shifting To:

Contextual Security Monitoring and Response

Ubiquitous Identity Management

Data Classes, Data Governance

Security Awareness, Privacy & Behavior

Embedded Security

Network Segmentation, Engineering

Physical Security Automation

Page 19

Key Take-Aways to Accelerate Skills Generation and Convergence

• Build a long-term security workforce plan.

• Make coaching and skills development first task.

• Embed security skills within the lines-of-business.

• Change security specialists to "versatilists."

• Mix traditional and agile recruitment techniques.

• Evaluate current skills gaps.

Page 20

Adaptive Security Architecture Is Embraced

Page 21

Software-Defined Everything, Including Security

"Data Plane"

"Control Plane"

API API API API

API API API

Southbound APIs

Northbound APIs

Layers of Abstraction

API Platform

APIs

Applications

Page 22

Develop an Adaptive Security Architecture

Respond Detect

Detect incidents

Prevent attacks

Confirm and prioritize risk

Contain incidents

Isolate systems

Predict Prevent

Harden systems

Compliance

Policy

Monitor posture

Adjust posture

Implement posture

Adjust posture

Continuous Visibility and Verification

Users, Systems

System activity, Payload, Network

Investigate incidents/retrospective analysis

Remediate

Anticipate threats/attacks

Risk-prioritized exposure assessment

Design/Model policy change

Baseline systems and security posture

Page 23

Threat Intelligence Platforms Allow You to Visualize, Correlate and Gain Context

Open-Source MRTI Feeds: Emerging Threats, Shadowserver, ZeuS Tracker, Abuse.ch

Commercial Feeds: Norse, IID, Cyveillance, Malcovery

Enrichment Services: GeoIP, Malware Lookup, Domain Tools

OSINT Sources: News, RSS Feeds, Websites

Threat Intelligence Platform: Analytics, Threat Intelligence Processing, Visualization, Reporting, Forensics, Threat Intelligence Sharing

People: Incident Response, SOC Analyst, Fraud, Threat Analyst, Management, Malware Analyst, Help Desk

Process: Circle of Trust Sharing, Workflow/Escalation, Communication, Fraud

Technology: Secure Web Gateway, NGFW, IPS/IDS, Logs

Page 24

Take-Aways for Adaptive Security Architecture

• Shift security mindset from "incident response" to "continuous response"

• Spend less on prevention; invest in detection, response and predictive capabilities

• Favor context-aware network, endpoint and application security protection platforms

• Develop a security operations center

• Architect for comprehensive, continuous monitoring at all layers of the IT stack.

Page 25

Security Infrastructure Adapts

Page 26

Embed Application Security Testing into the Life Cycle

1 Analysis

2 Design

3 Programming

4 Test

5 Operations

Page 27

New Network Security Concerns in the Pervasive Digital Presence

Attacks Through Internet or Wireless Networks

Attacks Through Local Wireless Networks

Lower Defense Capabilities

Risk Aggregation

Attacks Through Local Wireless Networks and Users/Endpoints

Sensors, Actuators

Things

Aggregators, Controllers

IoT Platform

Page 28

Model of a Trusted Execution Environment (TEE)

Page 29

Data Security Governance Arrives

Page 30

Develop a Data-Centric Audit and Protection Approach

Activity Monitoring

Assessment of Users and Permissions

User Monitoring and Auditing

Data Security Policy

Data Classification and Discovery Policy

Data Security Controls

Protection

Analysis and Reporting

Blocking, Encryption, Tokenization and Data Masking

Page 31

Take-Aways for Data Security Governance

• Prioritize organization-wide data security governance and policy.

• Identify and implement risk-appropriate data security controls by data type where possible.

• Implement a DCAP strategy that includes disciplined and formal product selection.

• Incorporate big data plans and unique requirements into security strategy.

Page 32

Digital Business Drives Digital Security

Page 33

Securing a Pervasive Digital Presence (the Internet of Things)

Gateways

Things Agents

Analytics Applications

Data

Cloud Mobile MES, ERP Partners

IoT Platform Middleware

Core Business Processes

IoT Edge Processing

Communications Integration

Integration Communications

• Security requirements:
– Policy creation and management
– Monitoring, detection and response
– Access control and management
– Data protection
– Network segmentation

• Key challenges:
– Scale
– Diversity (age and type)
– Function
– Regulation
– Privacy
– Standardization

Recommendations: Focus on small scenarios. Use risk-based prioritization. Emphasize segmentation and access initially.

Page 34

Cyber Risks and Consequences in an IoT Solution

Enterprise, Consumer

• Business Disruption

• Espionage and Fraud

• Financial Waste

IoT Platform

• Platform Hacking

• Data Snooping and Tampering

• Sabotaging Automation and Devices

Edge

• Device Impersonation

• Device Hacking

• Device Counterfeiting

• Snooping, Tampering, Disruption, Damage

Dev. Prod.

Page 35

IAM Trends of 2015-2016 That Include an Identity of Things

IAM Program Management and Governance

(Digital) Business and Operational Needs

(Digital) Risk Management and Compliance

Things

People

Apps and Data

Relationships

Interactions

Page 36

Take-Aways for Digital Security

• Balance Risk and Resilience

• Make the Security Discipline Decision

• Enhance Digital Security Supply Chains

• Retool Security Skills

• Embrace Adaptive Security Architecture

• Selectively Improve Security Infrastructure

• Embrace Data Security Governance

Page 37

Recommended Gartner Research

• Cybersecurity Scenario 2020 Phase 2: Guardians for Big Change. Earl Perkins and F. Christian Byrnes (G00279414)

• Predicts 2016: Security for the Internet of Things. Ray Wagner, Earl Perkins, Greg Young and Others (G00293187)

• Designing an Adaptive Security Architecture for Protection from Advanced Attacks. Neil MacDonald and Peter Firstbrook (G00259490)

• Cloud Security and Emerging Technology Security Primer for 2016. Jay Heiser (G00293190)

For more information, stop by Gartner Research Zone.